The Know Unknowns: Importance

of Project Risk Management (PRM)

Wissam Yaacoub, PMP, PMI-RMP
Why PRM?
Because risks have the potential to cause deviations from the project plan and
from pre-defined objectives.

PRM encourages PROACTIVE management practices that help

deliver projects successfully.
Risk Tolerance

There are:
1. Risks we tolerate
2. Risks we cannot tolerate
Risk tolerance is a measure of willingness to accept higher risk in exchange for higher
potential returns.

Risk appetite is the amount and type of risk that an organization is willing to take in order to meet
their strategic objectives.
Risk: The Known Unknown

Risk is about information

Uncertainty Risk Certainty

Spectrum of Risk

Unknown Known Known

Unknowns Unknowns Knowns

No information Partial information Complete information

time
Adapted from Burke (2003) “Project Management Planning and Control Techniques”
An Example about Managing Risks
 1. Based on 2. Which of
your these have been
experience, previously
please foreseen and
identify the controlled by
top travel you?
risks!

Based on your most recent leisure trip experience

 Concern is
Risk is not
analyzed to
adequately
identify root
addressed
cause(s)
CONCERN RISK ISSUE
Uneasy feeling that an Likelihood that an issue Occurrence of risk
issue may arise which may arise which could event which will
could affect the affect the project’s affect the project’s
project’s success. success. success.

No root cause or firm Root cause(s) i.e. firm

basis for concern yet basis/ justification of risk
identified. is identified.
Risk Culture in Life and in Organizations
 Project Risk Management Processes

Adapted from PMI PMBOK 6th Edition.

Planning Risk Management
According to PMI, a risk management plan includes some or all of the following elements:

Definition of the
Stakeholders’
Risk Strategy Probability and
Risk Appetite
Impacts

Methodology: Risk Risk register

Tools and data Breakdown and risk report
sources Structure (RBS) formats

Roles and
Timing: When Tracking and
responsibilities
and how often auditing
(RACI matrix)
Risk Identification Tools & Techniques

1. Expert judgment
2. Data gathering
• Brainstorming
• Checklists
• Interviews
3. Data analysis
• Root cause analysis
• Assumption and constraint analysis
• SWOT analysis
• Document or contract analysis
4. Interpersonal and team skills
5. Prompt lists of categories: PESTLE, VUCA,…
6. Risk workshops
Cause-Effect Diagram Root Cause Analysis:
- The main and true cause of the risk event.
- Without the root cause the risk wouldn’t have occurred.
- Controlling the root cause could eliminate the problem.

Identify Risk Output:

Risk Register, Risk Report,
Document Updates
 Risk Register Template
Impact Analysis Qualitative Rating
Risk Confidenc Risk Risk Response
Code
Risk Event Root Causes Effects RBS e Level % Score Strategy
Time Cost Scope Quality Impact Likelihood Level

1. The process of obtaining the approvals from the

relevant governmental authorities is delayed. (our input
is not mentioned)
Having to rent power or
Failure to meet the 'Wild Air' 2. 3rd party contractor laying cables from 132KV Mitigate
PD01 use temporary PD 7 5 3 1 4.7 5 60% 30 MEDIUM
date specified in the Contract. substation falls behind schedule; Nesma has to Risk
generators
interface and coordinate as required with the third party
contractor to ensure timely preparation
and connection of the permanent power.

1.Contractual Obligation
2. Design is still under progressive development
Loss of profit on omitted , Loss of highly profitable
FN01 3. All savings in their entirety will be passed directly to FN 3 7 3 3 4.3 5 50% 26 MEDIUM Avoid Risk
altered, or value engineered. items
the Client.

1. The Employer shall be discharged from all liability in Unclaimable and costly
Employer's Site data Mitigate
LE01 connection with any claims on the grounds of lack of works in included in LE 5 5 3 3 4.3 7 75% 40 HIGH
inaccurate/insufficient or wrong Risk
sufficient or probative data or information. budget
 Project Risk Management Processes

Risk Analysis

Adapted from PMI PMBOK 6th Edition.

Risk Analysis
The Risk Matrix tool is established based on the company’s risk appetite. It defines the level of risk by considering its
probability or likelihood against its impact or severity.

Every Risk is Cost (Budget, Expenses, Reserves,…)

analyzed in
terms of its
IMPACT on: Time (Schedule, Milestones, Deadlines,…)

Scope (Contract, Agreement, Variations,…)

Quality (Specifications, Regulations, Satisfaction,…)

The second Impact Risk Assessment Indices

element in the Minor (1) Low (3) Moderate (5) High (7) Major (9) Minor (10%) 1
risk analysis is Low (30%) 3
Very High (9) 9 27 45 63 81
its
Probability

Moderate (50%) 5
PROBABILITY High (7) 7 21 35 49 63
of occurrence. High (70%) 7
Moderate (5) 5 15 25 35 45
Major (90%) 9
Low (3) 3 9 15 21 27

Remote (1) 1 3 5 7 9
 Risk Assessment Indices
Minor (10%) 1
Risk Register Template Low (30%) 3
Moderate (50%) 5
High (70%) 7
Major (90%) 9
Impact Analysis Qualitative Rating
Risk Confidence Risk Response
Code
Risk Event Root Causes Effects RBS Level % Score Risk Level Strategy
Time Cost Scope Quality Impact Likelihood

1. The process of obtaining the approvals from the

relevant governmental authorities is delayed. (our input
is not mentioned)
Failure to meet the 'Wild Air' Having to rent power or
2. 3rd party contractor laying cables from 132KV Mitigate
PD01 date specified in the use temporary PD 7 5 3 1 4.7 5 60% 30 MEDIUM
substation falls behind schedule; Nesma has to interface Risk
Contract. generators
and coordinate as required with the third party
contractor to ensure timely preparation
and connection of the permanent power.

1.Contractual Obligation
2. Design is still under progressive development
Loss of profit on omitted , Loss of highly profitable
FN01 3. All savings in their entirety will be passed directly to FN 3 7 3 3 4.3 5 50% 26 MEDIUM Avoid Risk
altered, or value engineered. items
the Client.

Employer's Site data 1. The Employer shall be discharged from all liability in Unclaimable and costly
Mitigate
LE01 inaccurate/insufficient or connection with any claims on the grounds of lack of works in included in LE 5 5 3 3 4.3 7 75% 40 HIGH
Risk
wrong sufficient or probative data or information. budget
 Risk Breakdown Structure - Types of Risk in Project Management
Type Description and Examples

Financial Risk Typically escalation of project costs due to poor cost estimating accuracy and scope creep,
mistakes in cost estimations, bankruptcy, and insurance costs.
Schedule Risk Risk that activities will take longer than expected. Slippages in schedule typically increase costs
and, also, delay the receipt of project benefits, with a possible loss of competitive advantage.
Quality Risk Risk that the project will fail to produce results consistent with project specifications.

Governance Risk It relates to management performance with regard to ethics, social responsibility, and company
reputation.
Technical Risk Result from errors or incompleteness in design, technological obsolescence, and inefficiency.

Operational Risk It includes risks from poor implementation and process problems such as procurement,
production, and work distribution.
Market Risk It includes competition, foreign exchange, commodity markets, and interest rate risk, as well as
cash flow and credit risks.
Arise from legal and regulatory obligations, including contract risks and litigation brought against
Legal Risk
the organization.
Nature Risk It includes storms, floods, earthquakes, fire, and archaeological discovery.

Political Risk Government policy, public opinion, change in legislation, sabotage, and terrorism; labor strikes;
and civil unrest.
Risk Response
Description Example
Strategy

Eliminate the root cause and thus, eliminate Design change, or shutting down a
1) Avoid
1 the project risk. construction site in bad weather

Insurance purchases, warranties,

2) Transfer Transfer the risk to some other party.
guarantees, sub-contracting, etc.
2
To reduce risk of injuries,
Reduce the probability and/or impact of the
3) Mitigate contractor install temporary
risk
lighting, signs, and handrails.
3
Passive acceptance leaves action to be
determined as needed, in case of a risk Exchange rate fluctuation for
4) Accept
event. Active acceptance involves allocation imported goods
4
of contingency reserves to the project.

Risks which cannot be monitored and

5 handled by the project are escalated to the
5) Escalate Lack of workforce for the project
upper level, for example to program
management.
Residual & Secondary Risk

Residual Risk is the remaining level of risk following the development and implementation of
the risk response strategy. The residual risk should always be less than the inherent risk,
otherwise there would be no justification for selecting the risk response.

Secondary Risk is a new risk caused by the response plan. If the risk response was not
taken, the secondary risk would not exist. In some cases, secondary risks can be worse
than primary risks.

The residual or the secondary risk is also evaluated for its

severity and may require a new treatment if it is not within the
risk tolerance; otherwise it will be kept on the watch list.
The Case of Boeing 737 MAX Jet

Cause: Engine is placed higher and farther out on the wing than previous models
Risk: Plane could pitch upward in certain conditions
Effect: High likelihood of a plane stall
Response: Mitigate the risk by installing a computer software called MCAS that
automatically brings the nose of the plane down
Secondary Risk 1: Faulty sensors can make the MCAS work when it shouldn’t
Secondary Risk 2: Pilots (Trip PM) are not educated about the new MCAS
Effect: Plane crash / Ruin of company image
The Balance of Knowledge

When making a decision in our risky world, we should be

careful not to place too much weight on
what we think we know
because
what we don’t know
may be more important !!!!
Group Risk Exercise
Identify and analyze at least 5 top risks from any
HOME REMODELING project.
Use the distributed template!

a. Describe each risk event and its root cause

b. Identify the RBS associated with each risk
c. Propose a risk response strategy
 Jal el Dib New Bridge
Lack of Project Risk Management
= Surprises + Crisis Management
= Failure to meet project objectives

Many projects develop baseline programs without

adequately considering risk.

Planners and estimators tend to underestimate costs

and difficulties during the planning of projects.
Risk Communication
90% of a project manager’s job is communication. And one of the most important things to communicate
is project risk.

Make project Bring up

risks part of Lessons
every Learned from
meeting previous
agenda projects

Communicate Don’t be fragile in front of Risk!

the big risks Talk about it, learn from it, and challenge it.

Let project
Create time
leaders make
to deal with
decisions on
opportunities
top risks
“The process of discovery (or innovation,
or technological progress) itself depends
on antifragile* tinkering, aggressive risk
bearing rather than formal education.”
Nassim N. Taleb

*Antifragile: Things that benefit from shocks, risk, and uncertainty.

PMI Risk Management Professional (PMI-RMP)®c

Risk Management Professional Exam:

Preparation Course is 30 to 40 Contact Hours to
be eligible for the PMI Exam.
The certification exam has 170 multiple-choice
questions and you have 3.5 hours to complete it.
Wissam Yaacoub, PMP, PMI-RMP
Mobile: 03-595764
Email: wissam@stormconsults.com

THANK YOU